I have 2 websites hosted on windows server 2012. One website is using asp.net while other is wordpress. I want to embed asp.net page in wordpress. But, it is not showing anything. I did some research and came to know that perhaps, I have to allow permission for external website. Please guide me how to do it, should I add anything in web.config? I added below in asp.net but it did not help
<head>
<meta http-equiv="X-Frame-Options" content="allow">
</head>
Please guide, how to allow external website in iframe?
The iframe looks like below:
[iframe mydomain.com/signIn.aspx 640px 400px]
Thanks
You can do it in your web.config (if hosted on IIS 7.0 or later):
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Frame-Options" /> <!-- optional -->
<add name="X-Frame-Options" value="ALLOW" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
This must be added in the application being "framed" (in your case an asp.net app), not in the parent app (wordpress).
Reference: https://www.iis.net/configreference/system.webserver/httpprotocol
Related
I have a MVC site that I want to load into Iframe. I have added the X-Frame-Options to AllowAll. When I try to load the site, I can see the html document in developer tools but the IFrame in the Page is blank.
I tried to create a web application on localohost with different port number and where I tried to load the MVC site in Iframe, it didnt work.
I tried to add a html in the same MVC site and loading itself in the html's Iframe (assuming port issue but still it will not load).
Any help will be appreciated.
I recently ran into a similar issue. The X-Frame-Options header did not work for me. I had to use the Content-Security-Policy header. In the web.config file, I set it to frame-src https://my-domain.com like this:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Content-Security-Policy" value="frame-src {your domain here}" />
</customHeaders>
</httpProtocol>
</system.webServer>
I checked some other solutions on StackOverflow and did not find the answer I am needing so I am asking this.
I have a site 'subdomain.myexamplesite.com' and my main website 'myexamplesite.com'.
I am hosting my CSS on 'myexamplesite.com' for the 'subdomain.myexamplesite.com' because I wanted to have all the CSS files in one place.
I don't have any issues with cross domain issues doing the hosting of the CSS files this way. Everything renders great.
The issue I have now is, I am using an #font-face and trying to get that to my subdomain site. But I am getting a cross domain error:
Font from origin 'https://www.myexamplesite.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://subdomain.myexamplesite.com' is therefore not allowed access.
The main website is a .Net website (Umbraco CMS to be exact) hosting on an IIS server. The other site is a different .Net site but still is hosted on IIS.
Since it is IIS, I don't think .htaccess file applies in my case.
I have a crossdomain.xml on my main website to allow access from my subdomain just to be sure. But that does not work.
I am referencing the font file correctly in the CSS for my subdomain site otherwise I don't think I would be getting the Font cross domain error.
Does anyone have any suggestions if it is possible to host fonts on my main domain and allow the sub domain site to use those same fonts.
Any ideas?
For a font file you need to set Access-Control-Allow-Origin http header.
To set it on all files add this to the web.config
<httpProtocol>
<customHeaders>
<remove name="Cache-Control" />
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />
</customHeaders>
</httpProtocol>
Or more specific add something like this to the web.config below the <system.webServer> and set the location path to your font file.
<location path="static/fonts/source-sans-pro-regular.ttf" inheritInChildApplications="false">
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
</system.webServer>
</location>
See cross-domain-fonts
and 59378-Centralized-Umbraco-7-Dashboards-Access-Control-Allow-Origin
and access-control-allow-origin-multiple-origin-domains
and font-face-fonts-only-work-on-their-own-domain
I have an old asp.net intranet website.. I have been using IE 8 till now without any issue. Now I am trying to check if it works well with IE 11. I see that there is no problem with the site when requesting the page from IE 11 from my desktop.
But when I try to debug the same website locally in VS the controls are out of place and even fails to detect the IE Browser by
if(window.ActiveObject) which seems to be correct behaviour for IE 11.
Now I am wondering how the intranet website looks perfectly fine in IE 11. The server is Windows server 2008 IIS 7.
Any suggestion.
The window.ActiveXObject property is hidden from the DOM starting from IE11 so, you can no longer use it.
http://msdn.microsoft.com/en-us/library/ie/dn423948%28v=vs.85%29.aspx
In VS, it happens often to see the markup misaligned whenever in designer mode. But I think you should care less about that and focus more on the code markup instead
In the web config file you can use the customHeaders tag:
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<httpRedirect enabled="false" />
<httpProtocol>
<customHeaders>
<remove name="X-UA-Compatible" />
<add name="X-UA-Compatible" value="IE=EmulateIE7" />
</customHeaders>
</httpProtocol>
I have a ASP.NET web application which is supposed to work on IE.
If I go to compatibility View Settings and uncheck Display intranet sites in Compatibility View and the domain is not added in the box Websites you've added in Compatibility View, the users sees the code not the forms of the page.
If I check the checkbox, he still sees the code, only after I add it in the box I can see the actual forms of the page.
I tried
<system.webServer>
<httpProtocol>
<customHeaders>
<clear />
<add name="X-UA-Compatible" value="IE=IE5" />
</customHeaders>
</httpProtocol>
</system.webServer>
but still the same problem.
Is there another way to force it from code? I understand in the future the checkbox will be disabled so I must find I way to force the compatibility mode.
Can I add it to the box for Compatiblity View from code?
I want to disable x-frame-options in my website, I want that no other website can show my webpages in their web pages using iframes. My website is made in ASP.net MVC3 and hosted in IIS 7.5.
There are a bunch of ways to go about this. But one of the easiest is adding <customHeaders> section to the web.config and it will append that header to each request.
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="DENY" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>